How to configure passwordless login in Mac OS X and Linux

Overview

Once you set up a shell user and try to log in via SSH, you'll find you must enter your password each time. If you’d like to avoid entering your password every time, you can set up Passwordless Login. This way, you're logged in immediately each time without needing to enter your password.

In this article, 'username@server.dreamhost.com' is used as the login example.

The following are instructions on how to set up Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.

Step 1 – Generating the key pair

On your home computer:

Generate an RSA key pair using ssh-keygen (unless you have already created one).

If you’re using Linux or Mac OS X, open your terminal and run the following command under your username:

[local]$ ssh-keygen -t rsa

This creates a public/private keypair of the type (-t) rsa.

Generating a public/private rsa key pair.
Enter the file in which you wish to save the key (i.e., /home/username/.ssh/id_rsa).

If you press 'Enter', the key will be created with the default name of 'id_rsa'. You can name this anything you like, but if you choose a custom name, you'll need to let your SSH client know about the new key name. See Step #3 below for details.

Also, if you choose to use a custom name, make sure to specify the full path to your user's .ssh directory. If you do not, the new key pair is created in the directory where you're running the command.

Once the keypair is created, you are prompted to enter the following items.

Press Enter on your keyboard to continue.

Enter a passphrase (leave empty for no passphrase).

You do not need to enter a passphrase, but it's highly recommended because it protects your private key if the key file is compromised: someone who obtains the file would still need your passphrase in order to unlock it.

The exception to this is if you're running an automated process such as a cron job. You should then leave the passphrase out. From ssh.com:

"Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes."

If you get the error message "Too many arguments" make sure to check the command. The -i flag must be used.

This command responds with the following:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed == if you are prompted now it is to install the new keys
username@server.dreamhost.com's password:

Enter your password and you'll see the following:

Number of key(s) added: 1

Now try logging into the machine, with: ssh username@server.dreamhost.com and check to make sure that only the key(s) you wanted were added.

Mac OS X command

Run the following command to copy the public key on your local computer to DreamHost's server.

The authenticity of host 'server.dreamhost.com (208.113.136.55)' can't be established.
RSA key fingerprint is 50:46:95:5f:27:c9:fc:f5:f5:32:d4:3a:e9:cb:4f:9f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server.dreamhost.com,208.113.136.55' (RSA) to the list of known hosts.
username@server.dreamhost.com's password:

The commands above create a new folder named /.ssh under your DreamHost user, with 700 permissions.

That folder contains your authorized_keys file, which was just copied from your home computer and has 600 permissions.
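
One way to verify those modes on the server and review which keys are installed, as an added example that is not part of the original article (function names are hypothetical). sshd's default StrictModes setting refuses key login when these paths are writable by other users, so a wrong mode here is a common reason passwordless login silently fails.

```shell
#!/bin/sh
# Added example (not from the article): audit an .ssh directory on the server.
# Function names are hypothetical.

# Print the octal permission bits of a path (GNU stat first, then BSD/macOS).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Check that DIR is 700 and DIR/authorized_keys is 600, as the article states.
# Prints one line per finding; returns 0 only when both modes match.
audit_ssh_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    [ -f "$dir/authorized_keys" ] || { echo "MISSING $dir/authorized_keys"; return 1; }
    if [ "$(perm_of "$dir")" != "700" ]; then
        echo "BAD $dir is $(perm_of "$dir"), expected 700"
        rc=1
    fi
    if [ "$(perm_of "$dir/authorized_keys")" != "600" ]; then
        echo "BAD $dir/authorized_keys is $(perm_of "$dir/authorized_keys"), expected 600"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $dir"
    return "$rc"
}

# Print "keytype comment" for each entry so unexpected keys stand out.
# Skips blank and comment lines; tolerates a leading options field such as
# from="..."; only the first word of the comment is shown.
list_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                    print $i, ($(i + 2) == "" ? "(no comment)" : $(i + 2))
                    next
                }
        }' "$1"
}

# Usage: sh audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1" && list_authorized_keys "$1/authorized_keys"
fi
```

Any entry in the listing that you do not recognise should be removed from authorized_keys, since every key in that file can log in as your user.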

Step 3 – Adding your custom key to your ssh client

This step is only necessary if you gave your key a custom name in Step #1 above.

When creating your key pair, you choose what to name it. For example, the default name is 'id_rsa', but you can name it anything you like while creating it. However, if you choose a custom name, you'll need to let your SSH client know about the new key.

You do this by starting ssh-agent. Start ssh-agent by running the following command. Make sure you use the backquote ` character and not a single quote – this backquote character is usually on the top left of your keyboard on the tilde ~ key:

[local]$ eval `ssh-agent`

You can then run the following command (make sure to change customkey_rsa to your keyname):

[local]$ ssh-add ~/.ssh/customkey_rsa

You can then check to confirm it's been added by running the following:

Step 4 – Confirming the SSH connection

If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.

[local]$ ssh username@server.dreamhost.com

You should now be able to log in without using a password.

Specifying a key pair for SSH to use

By default, your client will use the identity (private key) named ~/.ssh/id_rsa. However, if you've created more than one key, you can specify which one to use when connecting using the -i flag. For example:

[local]$ ssh -i ~/.ssh/customkey username@server.dreamhost.com

Confirm the identity being used

You can confirm the identity (private key) you're using if you add the -v flag.

[local]$ ssh -v username@server.dreamhost.com

This will display a lot of output, but you're looking for these lines to confirm which identity you're using.

What if you have more than one key pair?

If you have more than one key, you'll need to add them all to ssh-agent. For example, if you have an id_rsa key in addition to a custom key, make sure you add both using ssh-add (as shown above). This will ensure that the 'Offering RSA public key' line above displays the correct key when connecting.

Troubleshooting

If you are not being automatically logged in, view the following article for possible solutions: